How to make a custom Authorize attribute in ASP.NET Core?

Question

In MVC 4 we can override some methods of AuthorizeAttribute class to implemenrt custom Authorize attribute.

For an example: https://stackoverflow.com/a/21634723/6120338

public class DemoAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        if (Authorize(actionContext))
        {
            return;
        }
        HandleUnauthorizedRequest(actionContext);
    }

    protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        var challengeMessage = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
        challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
        throw new HttpResponseException(challengeMessage);
    }

    private bool Authorize(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        try
        {
            var someCode = (from h in actionContext.Request.Headers where h.Key == "demo" select h.Value.First()).FirstOrDefault();
            return someCode == "myCode";
        }
        catch (Exception)
        {
            return false;
        }
    }
}

and controller will be

[DemoAuthorize]
public class ValuesController : ApiController{

This is in MVC4. But how to do the same in ASP.NET CORE?
There is no OnAuthorization , HandleUnauthorizedRequest, Authorize overriding method in AuthorizeAttribute class.

You are not supposed to override the Authorize Attribute. You are supposed to use the policy based authentication. See the post from blowdart (person at ASP.NET Core team responsible for the ASP.NET Core Security) — Tseng, Apr 30 '17 at 14:27
Thanks, It is likely same. But I need to filter Request Header . — Ritwick Dey, Apr 30 '17 at 15:00

How to make a custom Authorize attribute in ASP.NET Core?

0 Answers0